Microsoft have published a security advisory for a zero day attack being used against a "targeted audience" using Internet Explorer 6, 7, and 8. This atypically means corporate or business users still locked in to using these older browsers.

Update:

There is now a Metasploit module (ie_cdwnbindinfo_uaf)that emulates this attack, meaning this will move in to mainstream exploitation rapidly, thus mitigation steps should be taken so soon as possible.

Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff.